[kolab3.1][multi-domain] user authentication from users of 2nd domain does not work

Christian Hügel christian.huegel at stonebyte.de
Sun Feb 2 09:41:53 CET 2014


Hi Hoagie & Daniel,


i have also noticed this strange behavior: 
http://lists.kolab.org/pipermail/users/2014-January/016529.html

Regards,

Chris

Am 02.02.2014 00:45, schrieb hoagie:
> Hi Daniel,
>
> That link was actually my starting point and I believe I followed all
> steps correctly.
>
> I actually WAS able to login in the beginning with the user of the 2nd
> domain, however there was a problem that this user did not had a mailbox.
>
> I saw then in the output of "kolab list-mailboxes" that this particular
> user had some strange entries + certain default folders had not been
> created.
>
> So I deleted the user again in the webgui + manually deleted the user
> with the kolab cli command. restarted the kolabd.
> added the user again via webgui.
>
> output of "kolab list-mailboxes" now shows a mailbox like any other
> (working) user on the management domain.
>
> and since THEN i could not login. :-/
>
> probably it has something to do that whatever I configured via the
> webgui does somehow not become synced with the directory server?
>
> regards,
> Hoagie
>
>
>
> On 02.02.2014 00:44, hoagie wrote:
>> On 02.02.2014 00:34, Daniel Hoffend wrote:
>>> Hi Hoagie
>>>
>>> You've to modify the roundcube configuration to support multi domain
>>> lookups/logins and various other parts of kolab to make them aware of
>>> the multiple domains and the different used ldap directories (domain
>>> part == different ldap user space == different organization)
>>>
>>> If you don't need separate name spaces (aka same company multiple
>>> domains) just add them as additional domains to your main one.
>>>
>>> Please take at this howto:
>>> http://docs.kolab.org/howtos/multi-domain.html
>>>
>>> For roundcube this is basically replacing things things like
>>> "ou=People,dc=example,dc=org" with "ou=People,%dc", etc.
>>>
>>> Cyrus (remove canonfication) and Postfix (add additional lookup tables)
>>> have similar bigger changes.
>>>
>>> Hope that helps
>>>
>>>
>>> Regards
>>> Daniel
>>>
>>> ------ Originalnachricht ------
>>> Von: "hoagie" <hoagie at todes.net>
>>> An: users at lists.kolab.org
>>> Gesendet: 02.02.2014 00:12:36
>>> Betreff: [kolab3.1][multi-domain] user authentication from users of 2nd
>>> domain does not work
>>>
>>>> Hi Everybody,
>>>>
>>>> I hope someone can help me, i cannot find the cause of the problem.
>>>>
>>>> I have a multidomain setup and the problem is that users that I created
>>>> for the second domain cannot login to roundcubemail.
>>>>
>>>> management domain = example.org
>>>> 2nd domain = example.net (real 2nd domain, no alias).
>>>>
>>>>
>>>> output from "cat /var/log/roundcubemail/imap" shows an authentication
>>>> failure:
>>>>
>>>> [01-Feb-2014 23:50:38,000000 +0100]: [252F] C: A0004 AUTHENTICATE PLAIN
>>>> <some-alphanumeric-long-code>
>>>> [01-Feb-2014 23:50:41,000000 +0100]: [252F] S: A0004 NO authentication
>>>> failure
>>>>
>>>>
>>>> output from "cat /var/log/roundcubemail/userlogins" shows as well an
>>>> error:
>>>>
>>>> [01-Feb-2014 23:50:41,000000 +0100]: Failed login for name at example.net
>>>> from 10.0.0.4 in session mcbij4ac9vks4l3rrbr0lfj5v3 (error: 0)
>>>>
>>>>
>>>> however the user does exist in LDAP (output from "cat
>>>> /var/log/roundcubemail/ldap")
>>>>
>>>> [01-Feb-2014 23:50:38,000000 +0100]: C: Connect to localhost:389 [Kolab
>>>> Auth]
>>>> [01-Feb-2014 23:50:38,000000 +0100]: S: OK
>>>> [01-Feb-2014 23:50:38,000000 +0100]: C: Bind
>>>> uid=kolab-service,ou=Special Users,dc=example,dc=org [pass: **********]
>>>> [01-Feb-2014 23:50:38,000000 +0100]: S: OK
>>>> [01-Feb-2014 23:50:38,000000 +0100]: C: Search
>>>> ou=People,dc=example,dc=net for
>>>> (&(objectclass=inetorgperson)(|(uid=name)(mail=name at example.net)(alias=aliasname at example.net)))
>>>>
>>>> [01-Feb-2014 23:50:38,000000 +0100]: S: 1 record(s) found
>>>> [01-Feb-2014 23:50:41,000000 +0100]: C: Close
>>>>
>>>>
>>>> Something is not right as well in /etc/kolab/kolab.conf:
>>>>
>>>> # tail -f pykolab.log
>>>> 2014-02-01 23:35:19,639 pykolab.conf WARNING Option ldap/auth_cache_uri
>>>> does not exist in config file /etc/kolab/kolab.conf, pulling from
>>>> defaults
>>>> 2014-02-01 23:35:19,640 pykolab.conf WARNING Option does not exist in
>>>> defaults.
>>>> 2014-02-01 23:35:19,663 pykolab.conf WARNING Option imap/virtual_domains
>>>> does not exist in config file /etc/kolab/kolab.conf, pulling from
>>>> defaults
>>>>
>>>> and am getting an error as well here:
>>>>
>>>> # tail -f /var/log/dirsrv/slapd-civitas/errors
>>>> [02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: url
>>>> [ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but dn
>>>> [dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
>>>> users,dc=example,dc=org]
>>>> [02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: url
>>>> [ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but dn
>>>> [dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
>>>> users,dc=example,dc=org]
>>>>
>>>>
>>>> and maillog shows a password verification error:
>>>>
>>>> # tail -f /var/log/maillog
>>>> Feb 2 00:04:39 civitas imap[1869]: starttls: TLSv1 with cipher
>>>> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>>>> Feb 2 00:04:39 civitas imap[1869]: client id: "name" "Roundcube"
>>>> "version" "1.0-git" "php" "5.3.3" "os" "Linux" "command"
>>>> "/roundcubemail/?_task=login"
>>>> Feb 2 00:04:39 civitas imap[1869]: badlogin: localhost [::1] PLAIN
>>>> [SASL(-13): authentication failure: Password verification failed]
>>>>
>>>>
>>>>
>>>> For any clues, notes or hints i´d be greatful.
>>>>
>>>> tnx.
>>>>
>>>> Regards,
>>>> Hoagie
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> users at lists.kolab.org
>>>> https://lists.kolab.org/mailman/listinfo/users
>>>
>>
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users
>>
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
>


More information about the users mailing list